Quizzes for CLF-C01 & CLF-C02 Sec�on 1 Ques�on 1 Which of the six advantages of cloud computing enables a corporate organization to adopt a utility-based approach to spending on IT? A. Trade capital expense for variable expense B. Stop guessing about capacity. C. Increase speed and agility. D. Ability to rent physical space at Amazon Datacentre to rack your server hardware. Correct Answer – A Corpora�ons can stop inves�ng in extensive IT infrastructure, which �es up capital and switch to an OPEX IT investment model. This enables companies to trade capital expenses for variable expenses. Ques�on 2 Which component of the AWS Global Infrastructure is used to enable clients to distribute images and videos over a content delivery network? A. Regions B. Edge Loca�ons C. Availability Zones D. AWS CacheBox Correct Answer – B Edge Loca�ons are also known as Point of Presence, and they host infrastructure designed to cache content locally for a specified Time to Live (TTL). Edge Loca�ons are used by Amazon CloudFront, which offers Content Delivery Solu�ons. Ques�on 3 Which Cloud Computing model refers to the basic building blocks for cloud IT and typically provides access to networking, storage, compute and databases in the cloud? A. IaaS B. PaaS C. SaaS D. TaaS Correct Answer – A IaaS refers to the basic building blocks for cloud IT and typically provides access to networking, storage, compute and databases in the cloud. It enables you to build your infrastructure in the cloud much the same way you would build on-premise. Ques�on 4 Which Cloud Deployment Model refers to a way to connect infrastructure and applications between cloud-based resources and existing resources that are not located in the cloud, such as an on-premises datacentre? A. Hybrid Cloud B. Private Cloud C. Public Cloud D. Virtual Private Cloud Correct Answer – A The most common method of hybrid deployment is between the cloud and exis�ng onpremises infrastructure to extend and grow, an organiza�on's infrastructure into the cloud while connec�ng cloud resources to the internal system. Ques�on 5 Which AWS Service enables you to create Billing Alarms? A. CloudWatch B. CloudTrail C. AWS Alarms D. Cost Explorer Correct Answer – A You can monitor your es�mated AWS charges using Amazon CloudWatch and configure email alerts and alarms when your bill exceeds a threshold in US dollars. Sec�on 2 Ques�on 1 You wish to configure your IAM User accounts with an additional layer of security so that you can prevent brute force attacks where malicious attackers try to guess your IAM users' password while attempting to log in using the AWS management console? Which AWS IAM feature will enable you to achieve this requirement? A. Configure your IAM Users with Multi-Factor Authentication B. Configure password complexity for your IAM Users C. Configure Access Key IDs and Secret Access Keys D. Have two passwords for every AWS IAM User account. Correct Answer – A AWS Mul�-Factor Authen�ca�on (MFA) is a simple best prac�ce that adds a layer of protec�on on top of your username and password. With MFA enabled, when a user signs in to an AWS website, they will be prompted for their user name and password (the first factor—what they know), as well as for an authen�ca�on response from their AWS MFA device (the second factor—what they have). These mul�ple factors provide increased security for your AWS account se�ngs and resources. Ques�on 2 What format are IAM Policy documents written in? A. JSON B. XML C. Java D. Bash Script Correct Answer – A Policies are stored in AWS as JSON documents and are atached to principals as iden�tybased policies in IAM. Ques�on 3 What types of IAM policies are created and managed by AWS? A. AWS Managed Policies B. Customer Managed Policies C. Single Policies D. Regional Policies Correct Answer – A Managed policies that are created and managed by AWS. Ques�on 4 Which IAM feature can you use to assign permissions to IAM users who share a similar job function which will ensure better management of those policies? A. IAM Groups B. IAM Policy C. IAM Roles D. IAM Team Correct Answer – A Instead of defining permissions for individual IAM users, crea�ng groups that relate to job func�ons (administrators, developers, accoun�ng, etc.) is usually more convenient. Next, define the relevant permissions for each group. Finally, assign IAM users to those groups. Ques�on 5 When considering best practices, what strategy should you adopt when assigning permissions to your IAM Users? A. Adopt the principle of least privileges. B. Adopt the strategy of granting full admin access C. Share the root account credential with only a handful of IAM users. D. Configure IAM User account with MFA protection. Correct Answer – A When you create IAM policies, follow the standard security advice of gran�ng the least privilege, or gran�ng only the permissions required to perform a task. Sec�on 3 Ques�on 1 Which AWS Service offers unlimited object-based storage that can be used to store backups of Word, Excel and PowerPoint documents? A. Amazon S3 B. Amazon EFS C. Amazon EBS D. Amazon Blob Storage Correct Answer – A Amazon S3 Amazon Simple Storage Service (Amazon S3) is an object storage service that can be used to store and protect any amount of data for a range of use cases, such as websites, mobile applications, backup and restore, Amazon Web Services – Overview of Amazon Web Services Page 84 archive, enterprise applications, IoT devices, and big data analytics. Ques�on 2 Which AWS Service can transfer 500TB of data in the shortest time? A. Amazon Snowball B. Amazon Direct Connect C. Amazon DMS D. Amazon Transfer Acceleration Correct Answer – A Snowball is a petabyte-scale data transport solution that uses devices designed to be secure to transfer large amounts of data into and out of the AWS Cloud. Using Snowball, you can transfer large amounts faster than any Internet or Direct Connect service. Ques�on 3 Which AWS Services offers highly low-cost storage service for data archiving and long-term backup? A. Amazon Glacier B. Amazon Storage Gateway C. Amazon FSx for Lustre D. Amazon EBS Correct Answer – A Amazon S3 Glacier is a secure, durable, and extremely low-cost storage service for data archiving and long-term backup. Ques�on 4 Which AWS service offers the ability to deploy a standard HTML website that does not require server-side scripting but can scale automatically to cope with any traffic? A. Amazon S3 B. Amazon EC2 C. Amazon Site Service D. Amazon Snowball Correct Answer – A You can host a sta�c website on Amazon Simple Storage Service (Amazon S3). On a sta�c website, individual webpages include sta�c content. They might also contain client-side scripts but no server-side scripts. The website can scale automa�cally, and AWS manages this. Ques�on 5 Which Amazon S3 Storage Class automatically moves objects that have not been accessed for 30 days to the infrequently access tier, and if an object in the infrequent access tier is accessed, it is automatically moved back to the frequent access tier, thus ensuring that data resides in the most cost-effective tier based on the use case. A. Amazon S3 Intelligent-Tiering B. Amazon S3 Standard (Infrequent Access) C. Amazon S3 One-Zone Infrequent Access D. Amazon S3 Glacier Correct Answer – A The S3 Intelligent-Tiering storage class is designed to op�mize costs by automa�cally moving data to the most cost-effec�ve access �er, without performance impact or opera�onal overhead. Sec�on 4 Ques�on 1 Which AWS VPC feature enables you to ensure that only HTTP traffic is allowed inbound into a given Public Subnet? A. Network Access Control Lists (NACLs B. Security Grouops C. NAT Gateways D. Internet Gateway Correct Answer – A A network access control list (ACL) is an op�onal layer of security for your VPC that acts as a firewall for controlling traffic in and out of one or more subnets. Ques�on 2 Which component of the AWS Global Infrastructure is used by Amazon CloudFront to distribute content across its CDN network? A. Regions B. Availability Zones C. Edge Loca�ons D. VPCs Correct Answer – C To deliver content to end users with lower latency, Amazon CloudFront uses a global network of various Points of Presence (comprising of Edge Loca�ons and Regional Edge Caches). Ques�on 3 Which AWS Service can be used as a hub that you can use to interconnect your Virtual Private Clouds (VPCs) and On-Premises Networks? A. AWS Transit Gateway B. AWS Global Accelerator C. AWS Direct Connect D. Elas�c Load Balancer Correct Answer – A A transit gateway is a network transit hub that you can use to interconnect your virtual private clouds (VPC) and on-premises networks. Ques�on 4 Which AWS service enables you to establish a dedicated network connection between your on-premises network and your Amazon VPC using industry-standard 802.1Q virtual LANS (VLANs)? A. AWS Direct Connect B. AWS WiFi C. AWS VPC Peering D. AWS App Mesh Correct Answer – A AWS Direct Connect lets you establish a dedicated connec�on between your network and one of the AWS Direct Connect loca�ons. Using industry-standard 802.1Q virtual LANS (VLANs), this dedicated connec�on can be par��oned into mul�ple virtual interfaces. Ques�on 5 Which AWS service enables you to build serverless architectures and makes it easy for developers to create, publish, maintain, monitor, and secure APIs in the cloud? A. API Gateway B. AWS Transit Gateway C. AWS Cloud Map D. AWS Private Link Correct Answer – A Amazon API Gateway is a fully managed service that makes it easy for developers to create, publish, maintain, monitor, and secure APIs at any scale. Sec�on 5 Ques�on 1 Which of the following techniques can help you automate the provision and configuration of EC2 instances with specific operating system configuration and installation of applications and thus avoid human error in configuring your virtual servers? A. Bootstrapping B. Crea�on of snapshots C. Using provisioned IOPS volumes D. Load balancing Correct Answer – A Bootstrapping ac�ons can be run as scripts to further customize the deployment at launch �me and, together with Golden AMIs, will ensure that deployments are completed without human error. Ques�on 2 Which EC2 pricing model would you recommend for hosting an application that runs daily batch jobs between 10 AM and 2 PM, Monday to Friday and must not be interrupted? A. On-Demand B. Reserved C. Spot D. Fixed Correct Answer – A The On-Demand pricing model is ideal for this use case because you only pay for the hours that the server is up and running. Ques�on 3 Which service enables you to deploy a virtual server preconfigured with standard applications such as WordPress etc., with little to no AWS experience? A. EC2 B. LightSail C. ECS D. Lambda Correct Answer – B Amazon Lambda enables you to run func�ons responding to triggers without provisioning or managing servers. Ques�on 4 Which AWS service can automatically scale and increase the number of EC2 instances available to support increasing demand for your application? A. Elastic Load Balancer B. Auto Scaling C. EBS D. DMS Correct Answer – B Amazon Auto Scaling is a web service that can horizontally scale your EC2 instance in response to increasing the load on existing server farms by monitoring key metrics from CloudWatch. Ques�on 5 Which AWS storage technology can be attached as a virtual disk to your EC2 Instances? A. EBS B. EFS C. S3 D. Storage Gateway Correct Answer – A EBS is Elastic Block Store, block-level storage that can be attached to any EC2 Instance as a virtual disk in the cloud. EBS Volumes can be formatted, and you can install applications and databases. They also host the operating system of the EC2 instance. Sec�on 6 Ques�on 1 Which of the following database engine is supported by Amazon RDS? A. MySQL B. Cassandra C. Cobol D. MongoDB Correct Answer – A MySQL is a Support RDS Database Engine Ques�on 2 Which of the below is Amazon's proprietary RDS database? A. Aurora B. DynamoDB C. Microsoft SQL D. Visual Basic Correct Answer – A Aurora is Amazon's proprietary RDS database. Amazon Aurora is a MySQL and PostgreSQL-compatible relational database built for the cloud that combines the performance and availability of traditional enterprise databases with the simplicity and cost-effectiveness of open-source databases. Ques�on 3 Which feature of Amazon RDS enables you to copy a database replica to another region that can be used for DR in the event of a major disaster? A. Multi-AZ B. Read Replica C. DR Replica D. Copy Blob Correct Answer – B Read Replicas are asynchronous copies of the master Database and can be manually promoted to a standalone database instance in the event of a major disaster or when you have a company split and if both companies need a copy of the database each. Ques�on 4 Which AWS database service provides a fully managed ledger database that provides a transparent, immutable, and cryptographically verifiable transaction? A. Amazon DynamoDB B. Amazon RDS C. Amazon Redshift D. Amazon QLDB Correct Answer – D Amazon QLDB is a fully managed ledger database that provides a transparent, immutable, and cryptographically verifiable transaction log owned by a central trusted authority. Amazon QLDB tracks every application data change and maintains a complete and verifiable history. Ques�on 5 Which Amazon Database service can be used to create interactive graph applications? A. Amazon DynamoDB B. Amazon Neptune C. Amazon Mars D. Amazon QLDB Correct Answer – B Amazon Neptune is a fast, reliable, fully managed graph database service that makes it easy to build and run applications that work with highly connected datasets. The core of Amazon Neptune is a purpose-built, high-performance graph database engine optimized for storing billions of relationships and querying the graph with milliseconds latency. Sec�on 7 Ques�on 1 Which AWS service enables you to purchase and register new domain names? A. Amazon RDS B. Amazon Route53 C. Amazon DNS D. Amazon EC2 Correct Answer – B Amazon Route53 allows you to register and host your domain names within AWS. Ques�on 2 Which type of Amazon Route53 record can be used to map a zone apex record to an Amazon S3 Static Website Bucket? A. CNAME Record B. A Record C. Alias Record D. MX Record Correct Answer – C Alias records enable you to map the zone apex record of a domain name to any of the published AWS Services, such as the URL of an Elas�c Load Balancer, S3 Sta�c Website Bucket or Elas�c Beanstalk Applica�on URL Ques�on 3 Which type of Amazon Route 53 routing policy enables you to perform A/B testing between an older version of your website and a newer version of your website, such that you can send only a tiny percentage of your total traffic to the newer version of the site and gain insights into how your users are finding the new UI? A. Latency-based rou�ng policy B. Weighted rou�ng policy C. Failover rou�ng policy D. Geoloca�on rou�ng policy Correct Answer – B Use to route traffic to mul�ple resources in propor�ons that you specify. The total weight will be 100. O�en used for tasks such as A/B tes�ng for website updates. Ques�on 4 Which service enables you to resolve public domain names to an IP Address? A. Amazon Route53 B. Amazon Route66 C. Amazon Route21 D. Elas�c Load Balancers Correct Answer – A Route53 offers DNS services and enables you to resolve public DNS names to IP Addresses and AWS Resources such as Elas�c Load Balancers and Elas�c Beanstalk URLS Ques�on 5 Which AWS service enables you to build cross-region High Availability solutions when deploying multiple EC2 webservers across different geographical regions? A. Amazon Route53 B. Amazon ECS C. Amazon Lambda D. AWS Auto Scaling Correct Answer – A Amazon Route53 is a DNS service which offers mul�-region rou�ng policies to enable you to build high-availability solu�ons across geographical regions. Sec�on 8 Ques�on 1 Which AWS service can help you design applications with loose coupling in mind, enabling to build a distributed application model and develop microservices architecture? A. Amazon SQS B. Amazon EFS C. Amazon RDS D. Amazon Macros Correct Answer Amazon Simple Queue Service (SQS) is a fully managed message queuing service that enables you to decouple and scale microservices, distributed systems, and serverless applica�ons. Ques�on 2 You wish to be notified whenever someone uploads a new object to your Amazon S3 Bucket. Which AWS service can be used with Amazon S3 to send such email notifications? A. Amazon Data Sync B. Amazon SNS C. Amazon Workspaces D. Amazon EBS Correct Answer – B Amazon Simple No�fica�on Service (SNS) is a highly available, durable, secure, fully managed pub/sub messaging service enabling you to fan out no�fica�ons to end users using mobile push, SMS, and email protocols and can be used to send out alerts and no�fica�ons of events as they take place. Ques�on 3 Which AWS service enables you to design a sequence of conditional-based tasks allowing your application logic to complete a series of workflows to arrive at a desired outcome? A. Amazon SQS B. Amazon SWF C. Amazon SNS D. Amazon Polly Correct Answer – B The Amazon Simple Workflow Service (Amazon SWF) makes building applica�ons that coordinate work across distributed components easy. In Amazon SWF, a task represents a logical unit of work performed by a component of your applica�on. Coordina�ng tasks across the applica�on involves managing task dependencies, scheduling, and concurrency following the logical flow of the applica�on. Ques�on 4 Which of the following protocols are NOT supported by Amazon SNS A. Email B. HTTP/HTTPS C. Amazon SQS D. FTP Correct Answer – D FTP is not a support transport protocol for Amazon SNS Ques�on 5 Which AWS Service enables you to set up and operate message brokers in the cloud for Apache ActiveMQ? A. Amazon MQ B. Amazon Route53 C. Amazon S3 D. Amazon Route66 Correct Answer – A Amazon MQ is a managed message broker service for Apache Ac�veMQ that makes it easy to set up and operate message brokers in the cloud. Message brokers allow different so�ware systems–o�en using different programming languages, and on different pla�orms– to communicate and exchange informa�on. Sec�on 9 Ques�on 1 Which AWS service offers a managed extract, transform, and load (ETL) process making it easy to prepare and load your data for analytics? A. Amazon ETL B. Amazon Glue C. Amazon Gum D. Amazon S3 Correct Answer – B AWS Glue is a fully managed extract, transform, and load (ETL) service that makes it easy for customers to prepare and load their data for analytics Ques�on 2 Which AWS service enables you to run SQL queries against raw data held in CSV files stored in an Amazon S3 bucket that can be easily imported and analyzed? A. Amazon Athena B. Amazon Neptune C. Amazon CloudFormation D. Amazon Elastic Transcode Correct Answer – A Amazon Athena is an interactive query service that easily analyses data in Amazon S3 using standard SQL. Athena is serverless, so there is no infrastructure to manage, and you pay only for the queries that you run. Ques�on 3 Which AWS service lets you reliably load streaming data into data lakes, data stores and analytics tools such as Amazon S3, Redshift and Elasticsearch? A. Amazon Kinesis Firehose B. Amazon Kinesis Analy�cs C. Amazon Aurora D. Amazon EFS Correct Answer – A Amazon Kinesis Data Firehose is the easiest way to reliably load streaming data into data lakes, data stores and analy�cs tools. It can capture, transform, and load streaming data into Amazon S3, Amazon Redshi�, Amazon Elas�csearch Service, and Splunk, enabling near real�me analy�cs with exis�ng business intelligence tools and dashboards you already use today. Ques�on 4 Which AWS service features build visualizations, perform ad hoc analysis, and get business insights from your data. A. Amazon Glue B. Amazon QuickSight C. Amazon Athena D. Amazon Kinesis Correct Answer – B Amazon QuickSight is a business analy�cs service that builds visualisa�ons, performs ad hoc analysis, and gets business insights from your data. It can automa�cally discover AWS data sources and works with your data sources. Ques�on 5 Which AWS service offers search engine capabilities and is commonly used for log analytics, full-text search, security intelligence, business analytics, and operational intelligence use cases. A. Amazon Elas�csearch B. Amazon Glue C. Google Search D. Amazon QuickSight Correct Answer – A You can send data in JSON documents to Elas�csearch using the API or inges�on tools such as Logstash and Amazon Kinesis Firehose. Elas�csearch automa�cally stores the original document and adds a searchable reference to the document in the cluster’s index. You can then search and retrieve the document using the Elas�csearch API. You can also use Kibana, an open-source visualiza�on tool, with Elas�csearch to visualize your data and build interac�ve dashboards. Sec�on 10 Ques�on 1 You are building a data loss prevention (DLP) application that needs to read text content in images and can detect and prevent the leak of Social Security Numbers as part of your compliance requirements? Which AWS Service can help you with this? A. Amazon Config B. Amazon CloudWatch C. Amazon Rekognition D. Amazon Securicor Correct Answer – C With Amazon Rekognition, you can detect, analyze, and compare text, scenes and faces for various user verification and identify content that should be removed. Ques�on 2 Which service enables you to convert recorded voice files into text? A. Amazon Polly B. Amazon Transcribe C. Amazon Translate D. Amazon Rekogni�on Correct Answer – B Amazon Transcribe is a transcrip�on service that can covert audio files into text. Sec�on 11 Ques�on 1 Which AWS service records API activity which can be used for auditing purposes to determine who accessed which resource, when and from which location? A. Amazon CloudTrail B. Amazon CloudWatch C. Amazon CloudFront D. Amazon Cloud Monitor Correct Answer - A Correct Answer - CloudTrail provides the event history of your AWS account ac�vity, including ac�ons taken through the AWS Management Console, AWS SDKs, command line tools, and other AWS services. Ques�on 2 Which of the following services are offered by Amazon CloudWatch? A. Monitor CPU usage of EC2 Instances B. Enable recoding of API activity against AWS resources C. Mitigate DDoS attacks. D. Distribute content globally. Correct Answer - A With CloudWatch, you can collect and access all your performance and operational data through logs and metrics for Amazon EC2, including CPU Utilization and network traffic inbound/outbound. Ques�on 3 Which AWS service enables you to build your infrastructure as code using JSON templates? A. Amazon CloudFormation B. Amazon CloudWatch C. Amazon IAM D. Amazon OpsWorks Correct Answer – A AWS CloudFormation gives developers and systems administrators an easy way to create and manage a collection of related AWS resources, provisioning and updating them orderly and predictable. You can use AWS CloudFormation’s sample templates or create your templates to describe the AWS resources, and any associated dependencies or runtime parameters, required to run your application. CloudFormation templates can be written in JSON or YAML format. Ques�on 4 Which category of the AWS Trusted Advisor enables you to determine if you have configured your RDS databases with multi-AZ? A. Fault Tolerance B. Performance C. Cost Optimization D. Security Correct Answer – A Explains how to increase the availability and redundancy of your AWS application by taking advantage of auto-scaling, health checks, multi-AZ, and backup capabilities. Ques�on 5 Which of the following is a feature of the AWS Organizations service? A. Deploy virtual servers in the cloud. B. Consolidated Billing C. Create mul�ple IAM users, groups, and roles. D. Enable you to connect your on-premises network to the AWS cloud. Correct Answer – B You can use the consolidated billing feature in AWS Organiza�ons to consolidate billing and payment for mul�ple AWS accounts or Amazon Internet Services Pt. Ltd (AISPL) accounts. Sec�on 12 Ques�on 1 Which services protect against distributed denial of service (DDoS) attacks? A. AWS Shield B. AWS WAF C. AWS inspector D. Network Access Control Lists (NACLs) Correct Answer – A AWS Shield is a managed Distributed Denial of Service (DDoS) protec�on service that safeguards applica�ons running on AWS Ques�on 2 Which security feature of your Amazon VPC can be configured to deny network access from a specific IP address? A. Security Groups B. Amazon WAF C. Network Access Control Lists (NACLs) D. EFS Correct Answer – C A network access control list (ACL) is an optional layer of security for your VPC that acts as a firewall for controlling traffic in and out of one or more subnets. NACLs can be configured to deny traffic from specific sources, such as from specific IP Addresses or IP Ranges Ques�on 3 Under the Shared Security Model, which of the following is the customer's responsibility? A. Allow all traffic over RDP to Windows Servers from only the customer’s corporate network. B. Upgrade the Hypervisors that support your RDS database. C. After data has been copied to your Amazon S3 buckets, perform media sanitising tasks on all Snowball Devices. D. Upgrade the EC2 Hypervisors with the latest bug fixes. Correct Answer – A Enabling inbound and out traffic over RDS to your ECS instances is the customer's responsibility as part of security in the cloud. Ques�on 4 Which AWS service uses a highly secure hardware storage device to store tamper-proof encryption keys? A. CloudHSM B. Snowball C. DeepLense D. AWS Shield Correct Answer – A AWS CloudHSM is a cloud-based hardware security module (HSM) that enables you to quickly generate and use your encryption keys on the AWS Cloud. Ques�on 5 As part of your move to GDPR compliance, you must analyse all data held in your Amazon S3 buckets for Personally identifiable information (PII). Which AWS service offers the capability of identifying such sensitive information and can be used to create dashboards and alerts that give visibility into how this data is being accessed or moved? A. Amazon Snowball B. Amazon Macie C. Amazon Cake D. Amazon Trusted Advisor Correct Answer – B Amazon Macie first creates a baseline and then ac�vely monitors for anomalies that indicate risks and/or suspicious behaviour, such as large quan��es of source code being downloaded, creden�als being stored in an unsecured manner, or sensi�ve data such as Personally Iden�fiable Informa�on (PII) that is configured to be externally accessible. Amazon Macie uses machine learning to automa�cally discover, classify, and protect sensi�ve data in AWS. Macie recognizes sensi�ve data such as personally iden�fiable informa�on (PII) or intellectual property. Sec�on 13 Ques�on 1 One of the seven design principles of the Security Pillar in the Well-Architected Framework refers to applying security at all layers. Which firewall options can you configure to protect your EC2 Instances deployed in a VPC at the network layer? A. Security Groups B. Amazon Macie C. Amazon GuardDuty D. Amazon Detec�ve Correct Answer – A Security Groups are firewalls that protect the individual EC2 Instance and restrict traffic to the instance. Ques�on 2 In applying the principles of the Reliability Pillar for Failure Management, what strategy should you adopt for production workloads when you encounter a failure? A. Send out communications to end-users and work on fixing the failed component. B. Replace the failed component with a new one first to get your application up and running, and analyse the failed resource as a separate exercise. C. Engage with a third party to provide replica services while you work on the failed component. D. Continue with business as usual and schedule the fix after business hours. Correct Answer - 2 Rather than trying to diagnose and fix a failed resource that is part of your production environment, you can replace it with a new one and analyse the failed resource out of the band. Since the cloud enables you to stand up temporary versions of a whole system at a low cost, you can use automated testing to verify complete recovery processes. Sec�on 14 Ques�on 1 Which items should be included in a TCO analysis comparing on-premise to AWS Cloud? A. Opera�ng System Licensing B. IAM User Crea�ons C. Opera�ng System Patching D. Number of CloudForma�on Templates Correct Answer – A Opera�ng System Licensing is a cost that needs to be included in the TCO analysis. Amazon’s managed EC2 instance AMIs include the opera�ng system license cost. Ques�on 2 An architect must produce a proposal summarising the expected cost of deploying web servers on the AWS cloud. Which tool can be used to assist the architect? A. AWS TCO Calculator (now replaced by Migration Evaluator) B. AWS Simply Month Calculator (also known as AWS Pricing Calculator) C. AWS EC2 Cost Report D. AWS Budgets Correct Answer – B The AWS Simply Monthly Calculator (now renamed AWS Pricing Calculator) can be used to es�mate the total cost of deploying various resources on AWS. Ques�on 3 A company would like to maximize their volume discounts on S3 Storage buckets and reserved EC2 instances across multiple accounts. What tool can be configured to help achieve this? A. AWS Organizations B. AWS Budgets C. Amazon S3 D. AWS Support Plans Correct Answer – A With AWS Organizations and Consolidated Billing, you can combine the usage across all accounts to share the volume pricing and Reserved Instance discounts. This can result in a lower charge for your project, department, or company than with an individual standalone account. Ques�on 4 Which AWS tool enables you to forecast how much you will spend for the next three months and get recommendations for what Reserved Instances to purchase? A. AWS Budgets B. AWS Cost Explorer C. AWS Simple Monthly Calculator (AWS Pricing Calculator) D. Amazon CloudWatch Correct Answer – B Cost Explorer is a tool that enables you to view and analyze your costs and usage. You can explore your usage and costs using the main graph, the Cost Explorer cost and usage reports, or the Cost Explorer RI reports. You can view data for the last 13 months, forecast how much you'll likely spend for the next three months, and get recommendations for what Reserved Instances to purchase. You can use Cost Explorer to identify areas that need further inquiry and see trends that you can use to understand your costs.